Installing and Managing Patches

A patch is a collection of files and directories designed to improve the performance of a program or operating system. To put it in a more un-politically correct way, patches fix problems. Patches can fix simple things, such as misbehaving utilities, as well as serious security flaws. In Solaris 9, Sun provides the graphical Patches Tool and the patchadd and patchrm commands for patch management. To see whether your system needs a patch, go to http://sunsolve.sun.com/patches.

Sun distributes patches in three ways. You can obtain them from Sun's web page (http://sunsolve.sun.com/patches), anonymous FTP site (ftp://sunsolve.sun.com), or by CD-ROM if you have a SunSpectrum service contract.

A six-digit number followed by a hyphen and a two-digit extension identifies all Sun patches. Valid examples of patch numbers are 109715-05 and 110927-01. The first six numbers are referred to as the base code, and the last two numbers are the revision number of the patch. To add or remove patches, you must be the superuser or be able to assume an equivalent role.

Managing Patches Graphically

The Solaris Management Console includes a Patch Tool that enables you to view installed patches, add new patches, and add new patches to multiple systems at once. When you install Solaris 9 and open Patch Tool, it informs you that in order to achieve full functionality, you must download and install the PatchPro application from www.sun.com/PatchPro. If you download PatchPro, the Patch Tool can also analyze your system for patch needs and download them from the Internet for you. Sun insists that the process is secure and that no information about your computer is transmitted to Sun. Patch Tool is shown in Figure 2.5.

Figure 2.5: Solaris Management Console's Patch Tool

In Patch Tool, all patch management functions are performed through the Action menu.

Managing Patches via Command Line

Patches are added in Solaris 9 through the patchadd command. The syntax for patchadd is as follows:

 # patchadd arguments patch_id 

in which patch_id is the number of the patch you wish to install. Multiple patches can be added at once by separating the patch numbers with spaces.

When you use patchadd, the patch installation is logged in the /var/sadm/patch/patch_id/ log file. If for some reason the patch installation fails, or you want to later remove the patch, the log file is used to restore the patched files to their original state. If you use patchadd -d, the files to be patched will not be backed up and you will not be able to subsequently delete the patch. The -d option will save hard disk space. The following items will cause patch installation to fail:

• The patch requires another patch that is not installed.

• The patch is for a different hardware architecture.

• There is already an installed patch with the same base code but higher revision.

• The patch is incompatible with a currently installed patch.

To see what patches are installed on your computer, you have two options: patchadd -p and showrev -p. You can use either option to see installed patches on local and remote systems.

To remove a patch, use the patchrm command. There are three cases in which patchrm will fail:

• The patch you are trying to remove is required by another patch.

• The patch has been made obsolete by another patch.

• The patch was installed with the patchadd -d command.